1.1 Compute Nodes
Compute nodes are bare metal servers or virtual machines running in the cloud or on premises.
Users can label compute nodes when registering them with Fortanix Confidential Computing Manager (CCM) to provide identity and policy management on the compute nodes. A compute node must be enrolled in Fortanix CCM before it is run. This is called the Node Enrollment process.
1.2 Node Agent
When installed on a compute node, the Fortanix Node Agent software enables registration of that node with Fortanix CCM.
The Node Agent assists in the verification of the hardware and platform software running on the compute nodes.
The Node Agent also assists with application attestation and visibility for Fortanix CCM.
1.3 Manage Nodes using Fortanix CCM
- Sign in to the Fortanix CCM UI, and navigate to the Infrastructure menu item.
- Click the IP address of the node that you want to investigate. An information screen opens.
- On the information screen, you can choose to deactivate/delist the node or download the certificate that is used.
1.4 Download Confidential Computing Manager Node Attestation Certificate
To download the CCM node attestation certificate:
- Navigate to the Infrastructure → Compute Nodes menu item in the CCM UI left navigation bar, and click the compute node for which you want to download the certificate.
Figure 1: Select Node
- You can download the certificate from the Compute Node detailed view using the DOWNLOAD CERTIFICATE option on the right. This certificate contains Intel SGX details such as the CPUSVN (CPU Security Version Number) of the compute node, the MRENCLAVE of the node agent software, and so on, as shown in the screenshot below.
Figure 2: Download Certificate